Commit 2863e0e

[AzureADDS] Updated Bastion guidance
1 parent 6d6e656 commit 2863e0e

1 file changed

+4
-2
lines changed

articles/active-directory-domain-services/secure-remote-vm-access.md

Lines changed: 4 additions & 2 deletions
@@ -9,17 +9,19 @@ ms.service: active-directory
99
ms.subservice: domain-services
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 03/17/2020
12+
ms.date: 03/18/2020
1313
ms.author: iainfou
1414

1515
---
1616
# Secure remote access to virtual machines in Azure Active Directory Domain Services using Remote Desktop Services and Network Policy Server (NPS) with Azure Multi-Factor Authentication
1717

1818
To secure remote access to virtual machines (VMs) that run in an Azure Active Directory Domain Services (Azure AD DS) managed domain, you can use Remote Desktop Services (RDS) and Network Policy Server (NPS). Azure AD DS authenticates users as they request access through the RDS environment. For enhanced security, you can integrate Azure Multi-Factor Authentication to provide an additional authentication prompt during sign-in events. Azure Multi-Factor Authentication uses an extension for NPS to provide this feature.
1919

20-
> [!NOTE]
20+
> [!IMPORTANT]
2121
> The recommended way to securely connect to your VMs in an Azure AD DS managed domain is using Azure Bastion, a fully platform-managed PaaS service that you provision inside your virtual network. A bastion host provides secure and seamless Remote Desktop Protocol (RDP) connectivity to your VMs directly in the Azure portal over SSL. When you connect via a bastion host, your VMs don't need a public IP address, and you don't need to use network security groups to expose access to RDP on TCP port 3389.
2222
>
23+
> We strongly recommend that you use Azure Bastion in all regions where it's supported. In regions without Azure Bastion availability, follow the steps detailed in this article until Azure Bastion is available. Take care with assigning public IP addresses to VMs joined to Azure AD DS where all incoming RDP traffic is allowed.
24+
>
2325
> For more information, see [What is Azure Bastion?][bastion-overview].
2426
2527
This article shows you how to configure RDS in Azure AD DS and optionally use the Azure Multi-Factor Authentication NPS extension.
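
Review bot: The last sentence of the added paragraph (new line 23), "Take care with assigning public IP addresses to VMs joined to Azure AD DS where all incoming RDP traffic is allowed", names the risk but gives the reader no action to take. Suggest stating the mitigation concretely, for example that the network security group rule for RDP on TCP port 3389 should be limited to known source addresses rather than allowing all incoming traffic; the paragraph above it already ties network security groups and port 3389 to RDP exposure, so the wording would stay consistent. While this callout is being edited, the unchanged line 21 still says "over SSL", which would read more accurately as TLS.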
